Is it safe to paste my JWT here?

Yes. The token is decoded entirely in your browser using JavaScript. No data is sent to any server. However, never share JWTs publicly as they may contain sensitive claims.

Can this tool verify the JWT signature?

The tool decodes and displays the signature but cannot verify it without the secret key. For HMAC signatures you can optionally enter the secret to verify.

What JWT algorithms are supported?

The decoder handles all standard JWT algorithms including HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384 and ES512. The algorithm is displayed in the decoded header.

Decode JWT Online Free

Paste a JSON Web Token and instantly see its decoded header, payload and signature information. This free tool decodes JWTs entirely in your browser, so your authentication tokens are never exposed to a third-party server.

Open JWT Decoder

Decoded JWT Example

Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Header:
  { "alg": "HS256", "typ": "JWT" }

Payload:
  { "sub": "1234567890", "name": "John Doe", "iat": 1516239022 }

Common Use Cases

Inspecting JWT claims during authentication debugging
Checking token expiration times (exp claim)
Verifying token issuer and audience claims
Reviewing permissions and roles encoded in tokens

Frequently Asked Questions

Is it safe to paste my JWT here?: Yes. The token is decoded entirely in your browser using JavaScript. No data is sent to any server. However, never share JWTs publicly as they may contain sensitive claims.
Can this tool verify the JWT signature?: The tool decodes and displays the signature but cannot verify it without the secret key. For HMAC signatures you can optionally enter the secret to verify.
What JWT algorithms are supported?: The decoder handles all standard JWT algorithms including HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384 and ES512. The algorithm is displayed in the decoded header.